Explore OpenCTI or OpenAEV platform with 30 days Free Trial!
XTM Hub by FiligranSign In
ONYPHE logo

ONYPHE

Infrastructure & Attack Surface Visibility

Overview

ONYPHE connector enriches observables and indicators with Internet intelligence for threat intelligence (ctiscan) and attack surface management (riskscan).

The ONYPHE enrichment connector supports two complementary use cases via separate data categories.

For threat intelligence (ctiscan), it enriches observables with detailed Internet scan data and mapping for open ports, protocols, banners and relationships — including ASNs, organizations, certificates, DNS domains, technologies, ports, countries and analytical pivots such as JA4S and HHHash.

For attack surface management (riskscan), it enriches IP addresses, hostnames and domains with exposure data: open services, risk tags (e.g. risk::opendatabase), CVE vulnerabilities and associated infrastructure.

In addition, Indicators can be enriched using the 'onyphe' pattern to run threat-hunting queries within the OpenCTI platform and import matching observables.

Multiple instances of the connector can run side by side — one per category — each with independent scope, confidence and auto-enrichment settings.

Basic information

ONYPHE
Vendor Contact
Connectors
Internal enrichment
6.9.3
1

    We use cookies to make the XTM Hub work, understand how it's used, and improve your experience. Strictly necessary cookies are always on. With your consent, we also use optional cookies for functionality, performance and analytics, and marketing. You can accept all, reject all, or choose which optional cookies to allow. You can change your preferences at any time via "Cookie settings". See our Cookie Policy for more information.